﻿


using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;
using System.Linq;
using Demo.Infrastructure;

using Demo.Web.UserService;
using Demo.Web.ModuleService;
using Demo.Web.ActionService;

namespace Demo.Web.Controllers
{

    /// <summary>
    /// MVC 控制器基类。权限判断
    /// </summary>
    public class BaseController: Controller
    {
        private static readonly UserServiceClient userClient = new UserServiceClient();

        private static readonly ModuleService.ModuleServiceClient moduleClient = new ModuleServiceClient();

        private static readonly ActionServiceClient actionClient = new ActionServiceClient();

        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);

            var user = HttpUserContext.Current.UserInfo;

            ViewBag.CurrentUser = user;// user;

            if (user == null)
            {
                filterContext.HttpContext.Response.StatusCode = 403;
            }
            else if (filterContext.ActionDescriptor.IsDefined(typeof(PerssionsAttribute), false))
            {
                var attr = filterContext.ActionDescriptor.GetCustomAttributes(typeof(PerssionsAttribute), false).FirstOrDefault() as PerssionsAttribute;
                if (attr != null)
                {
                    var moduleName = attr.moduleName;
                    var actionName = attr.actionName;
                    var type = attr.type;

                    if(type != PerssionType.Normal)
                    {
                        if (user != null && type == PerssionType.AfterAccess)
                        {

                        }
                        else if (user != null && type == PerssionType.Verification)
                        {
                            //var myModule = moduleClient.GetModuleDTOWithUserId(user.UserID).Where(m => m.Name == moduleName).FirstOrDefault();
                            var myModule = HttpUserContext.Current.Modules.Where(m => m.Name == moduleName).FirstOrDefault();
                            if (myModule != null)
                            {
                                //var myActions = actionClient.GetActionDTOWithUserId(user.UserID);
                                var myActions = HttpUserContext.Current.Actions;
                                var action = myActions.Where(p => p.Name == actionName && p.ModuleID == myModule.ModuleID).FirstOrDefault();
                                if (type != PerssionType.AfterAccess && action == null)
                                {
                                    filterContext.HttpContext.Response.StatusCode = 403;
                                }
                            }
                            else
                            {
                                filterContext.HttpContext.Response.StatusCode = 403;
                            }
                        }
                        else
                        {
                            filterContext.HttpContext.Response.StatusCode = 403;
                        }
                            
                    }
                }
            }
        }

        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            var user = Session["User"] as UserDTO;
            var cN = filterContext.RouteData.Values["Controller"].ToString();
            var aN = filterContext.RouteData.Values["action"].ToString();

            if (cN == "Layout" || cN == "Menu" )
            {
            
            }
            else if (user == null && cN != "Account" && aN != "Login")
            {
                filterContext.HttpContext.Response.Redirect("/Account/Login");
            } 
            else if (user != null &&  filterContext.HttpContext.Response.StatusCode == 403)
            {
                filterContext.HttpContext.Response.Redirect("/Account/NoAccess");
            }
        }
    }


}
